Bypassing HTTP Signature Verification in Misskey by Misskey Development Team
CVE-2026-28432
7.1HIGH
What is CVE-2026-28432?
Misskey, an open source federated social media platform, is susceptible to a vulnerability that permits the circumvention of HTTP signature verification across all instances, regardless of federation settings. This flaw affects all versions prior to 2026.3.1. Users and administrators should ensure that they update their installations to the latest version to mitigate potential security risks associated with this vulnerability.
Affected Version(s)
misskey < 2026.3.1
